Hey 👋

This is Max’s (aka w2w) blog dedicated to security research and white hat hacking

Bugs showcase #2 - Privilege escalation using improper preservation of permissions during the OAuth app installation

‎

May 31, 2023 Â· 4 min Â· 837 words

Bugs showcase #1: Chaining a lack of values correlation, linear growth of attempts, and other omissions in OTP implementations to achieve 2 ATOs

This post describes two account takeover vulnerabilities w/o user interaction resulting from multiple omissions in the OTP implementations.

January 19, 2023 Â· 10 min Â· 2001 words

Multi-factor authentication security testing and possible bypasses

This post contains 11 methods of MFA bypassing

January 9, 2020 Â· 16 min Â· 3365 words

Exploitaiton of Cookie-Based XSS vulnerabilities

A guide on how to exploit Cookie-Based XSS bugs

July 17, 2019 Â· 9 min Â· 1715 words

Disclosure of 5 million links to the Telegram private chats and the possibility of editing any article on Telegra.ph

‎

March 29, 2018 Â· 9 min Â· 1889 words

How I hacked companies related to cryptocurrency

A tale of 7 vulnerabilities on services related to the cryptocurrency

December 21, 2017 Â· 12 min Â· 2361 words